Add role option for bypass exceptions

Artur Fedorovrequested to merge
548484-policies-roles-selector-bypass-options into master

What does this MR do and why?

This merge request refactors the role selection functionality in a security policy editor. The main changes include:

Code Organization: The RoleSelect component was moved from a specific action folder to a shared components folder, making it reusable across different parts of the application.

Enhanced Role Support: The system now distinguishes between regular roles (like "maintainer" or "developer") and custom roles (identified by numeric IDs). When roles are selected, they're automatically sorted into separate arrays based on whether they're standard or custom roles.

Policy Exceptions Feature: A new roles selector was added to the policy exceptions modal, allowing users to specify which roles can bypass security policies. This includes proper form labels and descriptions to guide users.

Improved Counting Logic: The code now correctly counts both regular and custom roles when displaying totals in the user interface.

Better Component Flexibility: The role selector component now accepts custom CSS classes, making it more adaptable to different UI contexts.

Updated Tests: All related tests were updated to reflect the new file locations and enhanced functionality, ensuring the changes work correctly.

The overall goal is to make the role selection system more robust and user-friendly while maintaining clean, reusable code architecture.

References

Screenshots or screen recordings

Description UI
Adding roles roles.mov

How to set up and validate locally

Enable feature flag:

Feature.enable(:security_policies_bypass_options)
Feature.enable(:security_policies_bypass_options_group_roles)
  • Secure -> Policies
  • New merge request approval policy
  • Open Advanced settings
  • Click add exception button
  • Select roles option
  • Only linked to same SPP groups are loaded

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #548484 (closed)

Edited by Artur Fedorov

Merge request reports